package com.palantir.crypto2.hadoop;

import com.google.common.annotations.VisibleForTesting;
import com.palantir.crypto2.KeyStorageStrategy;
import com.palantir.crypto2.cipher.SeekableCipher;
import com.palantir.crypto2.cipher.SeekableCipherFactory;
import com.palantir.crypto2.hadoop.cipher.FsCipherInputStream;
import com.palantir.crypto2.hadoop.cipher.FsCipherOutputStream;
import java.io.IOException;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.FilterFileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.util.Progressable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/palantir/crypto2/hadoop/EncryptedFileSystem.class */
public final class EncryptedFileSystem extends FilterFileSystem {
    private static final Logger log = LoggerFactory.getLogger(EncryptedFileSystem.class);
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES/CTR/NoPadding";
    public static final String CIPHER_ALGORITHM_KEY = "fs.cipher";
    private final KeyStorageStrategy keyStore;

    public EncryptedFileSystem(FileSystem fileSystem, KeyStorageStrategy keyStorageStrategy) {
        super(fileSystem);
        this.keyStore = keyStorageStrategy;
    }

    public FSDataInputStream open(Path path, int i) throws IOException {
        return new FSDataInputStream(new FsCipherInputStream(this.fs.open(path, i), SeekableCipherFactory.getCipher(getCipherAlgorithm(), this.keyStore.get(path.toString()))));
    }

    public FSDataOutputStream create(Path path, FsPermission fsPermission, boolean z, int i, short s, long j, Progressable progressable) throws IOException {
        FSDataOutputStream create = this.fs.create(path, fsPermission, z, i, s, j, progressable);
        SeekableCipher cipher = SeekableCipherFactory.getCipher(getCipherAlgorithm());
        FSDataOutputStream fSDataOutputStream = new FSDataOutputStream(new FsCipherOutputStream(create, cipher), (FileSystem.Statistics) null);
        this.keyStore.put(path.toString(), cipher.getKeyMaterial());
        return fSDataOutputStream;
    }

    public boolean rename(Path path, Path path2) throws IOException {
        this.keyStore.put(path2.toString(), this.keyStore.get(path.toString()));
        boolean rename = this.fs.rename(path, path2);
        if (rename) {
            tryRemoveKey(path);
        } else {
            tryRemoveKey(path2);
        }
        return rename;
    }

    private void tryRemoveKey(Path path) {
        try {
            this.keyStore.remove(path.toString());
        } catch (Exception e) {
            log.warn("Unable to remove KeyMaterial for file: {}", path);
        }
    }

    @VisibleForTesting
    String getCipherAlgorithm() {
        return getConf().get(CIPHER_ALGORITHM_KEY, DEFAULT_CIPHER_ALGORITHM);
    }
}
